PBN reports: Mastodon, a social network based on software for servers of the same name, has been found to have a vulnerability that could have allowed attackers to read individual pieces of information. The problem was caused by inadequate filtering of the data transferred during LDAP authentication. The vulnerability allows attackers to smuggle in an…
Category: Commentaries and Analyses
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Ravie Lakshmanan reports: The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084….
HIPAA: Deficient or Miscast
Matt Fisher writes: The development of new technology in healthcare and the massive expansion in sources of healthcare data have both created many complications when it comes to protecting and securing sensitive information about individuals. Inevitably, the discussion then turns to the role of HIPAA, which then turns to HIPAA not meeting current needs. A recent…
Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands
Elias Groll and AJ Vicens report: Microsoft’s Digital Crimes Unit, cybersecurity firm Fortra and the Health Information Sharing & Analysis Center announced legal action Thursday to seize domains related to criminal activity involving cracked copies of the security testing application Cobalt Strike, which has become a favorite tool for cybercriminals to carry out attacks around…
What Is CIRCIA and How Does This Cybersecurity Law Impact You?
Chris Odogwu writes: The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a federal law mandating “covered entities” that deal with critical infrastructure to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). If you encounter a cyberattack, you might want to share your experience with your security team or anyone else who can…
Two-Fifths of IT Pros Told to Keep Breaches Quiet
Phil Muncaster reports: Over two-fifths (42%) of IT professionals have been told to keep a security breach under wraps, potentially inflaming regulatory compliance risk, according to a new study from Bitdefender. The security vendor polled 400 IT professionals, from IT junior managers to CISOs across various industry sectors, in organizations with over 1000 employees. Read more at InfoSecurity.